CVE-2011-0364 – Cisco Security Agent Management st_upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0364
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request. La consola de administración (webagent.exe) en Cisco Security Agent v5.1, v5.2 y v6.0 antes de v6.0.2.145 permite a atacantes remotos crear ficheros arbitrarios y ejecutar código de su elección a través de parámetros no especificados en una petición st_upload debidamente modificada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Security Agent Management Console. Authentication is not required to exploit this vulnerability. The flaw exists within the webagent.exe component which is handed requests by an Apache instance that listens by default on TCP port 443. When handling an st_upload request the process does not properly validate POST parameters used for a file creation. • https://www.exploit-db.com/exploits/17155 http://secunia.com/advisories/43383 http://secunia.com/advisories/43393 http://securityreason.com/securityalert/8095 http://securityreason.com/securityalert/8197 http://securityreason.com/securityalert/8205 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6cee6.shtml http://www.securityfocus.com/archive/1/516505/100/0/threaded http://www.securityfocus.com/bid/46420 http://www.securitytracker.com/id?1025088 http://www.vupen. • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-0147
https://notcve.org/view.php?id=CVE-2010-0147
SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el Management Center para Cisco Security Agents v5.1 anterior a v5.1.0.117, v5.2 anterior a v5.2.0.296, y v6.0 anterior a v6.0.1.132, permite a usuarios autenticados remotamente ejecutar comandos SQL de su elección a través de vectores sin especificar. • http://osvdb.org/62444 http://secunia.com/advisories/38619 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml http://www.securityfocus.com/bid/38272 http://www.securitytracker.com/id?1023606 http://www.vupen.com/english/advisories/2010/0416 https://exchange.xforce.ibmcloud.com/vulnerabilities/56346 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2007-5580
https://notcve.org/view.php?id=CVE-2007-5580
Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445. Un desbordamiento de búfer en un determinado controlador en Cisco Security Agent versiones 4.5.1 anteriores a 4.5.1.672, versiones 5.0 anteriores a 5.0.0.225, versiones 5.1 anteriores a 5.1.0.106, y versiones 5.2 anteriores a 5.2.0.238 en Windows, permite a los atacantes remotos ejecutar código arbitrario por medio de un paquete SMB especialmente diseñado en una sesión TCP en el puerto (1) 139 o (2) 445. • http://osvdb.org/39521 http://secunia.com/advisories/27947 http://securityreason.com/securityalert/3425 http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl00618 http://www.cisco.com/en/US/products/products_security_advisory09186a008090a434.shtml http://www.nsfocus.com/english/homepage/research/0702.htm http://www.securityfocus.com/archive/1/484669/100/100/threaded http://www.securityfocus.com/bid/26723 http://www.securitytracker.com/id?1019046 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •